Results 1 to 10 of 12

Thread: Using A instead of MX record, in spite of setting

Hybrid View

  1. #1
    Join Date
    Feb 2010
    Location
    South Africa
    Posts
    107
    Rep Power
    5

    Default Using A instead of MX record, in spite of setting

    Hi all, (ZCS 7.2.0)
    I've been having problem with my connection/server load.
    Almost no mail goes out, all bounce back with 'Connection timeout' or 'Connection refused'
    Upon closer inspection and head scratching, cursing at the upstream provider, etc. (The usual geek tantrums.), I've found that it seems Zimbra is not using the correct MX record to send out to.
    This server has public static IP with reverse DNS, I've tried with/without split-DNS, different DNS namservers, all stays teh same.
    I've tried to 'untick/tick' (turn it off and on again) the Use DNS option in ZCS web. Rebooted, etc. etc.

    See what I mean below, in the logs, it shows trying to speak to intekom.co.za at 196.25.69.14 but if I do a dig, the MX is supposed to be 196.25.211.70

    Any help how I can fix this? (I've tried to re-queue all messages in defereed queue, but they just pop right back)

    Code:
    Jul 10 16:31:17 mail postfix/error[16818]: 2FD465CC0113: to=<tar@intekom.co.za>, relay=none, delay=0.29, delays=0.16/0.04/0/0.09, dsn=4.4.1, status=deferred (delivery mporarily suspended: connect to intekom.co.za[196.25.69.14]:25: Connection refused)
    Code:
    [root@mail ~]# dig intekom.co.za mx
    
    ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5 <<>> intekom.co.za mx
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18034
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; QUESTION SECTION:
    ;intekom.co.za.                 IN      MX
    
    ;; ANSWER SECTION:
    intekom.co.za.          654     IN      MX      20 mail.intekom.com.
    
    ;; ADDITIONAL SECTION:
    mail.intekom.com.       401     IN      A       196.25.211.70
    
    ;; Query time: 58 msec
    ;; SERVER: 168.210.2.2#53(168.210.2.2)
    ;; WHEN: Tue Jul 10 16:31:32 2012
    ;; MSG SIZE  rcvd: 79

  2. #2
    Join Date
    Mar 2006
    Location
    Massachusetts
    Posts
    965
    Rep Power
    10

    Default

    So, your Zimbra server is directly connected to the Internet and you have authority / control over the DNS settings? I'm a bit confused about the "tried with/without Split DNS" comment. Typically you need to decide this prior to doing the install. If you make changes after the fact it could cause problems. Or did you re-install after making the changes?

    Also, do you know about the 196.25.69.14 IP address? Is this another one of your servers or a firewall / router?

  3. #3
    Join Date
    Feb 2010
    Location
    South Africa
    Posts
    107
    Rep Power
    5

    Default

    Thanks for your reply.
    No I did not change IPs or anything, just changed /etc/resolv.conf to either use local BIND or ISP DNS. Local BIND is setup to mirror the ISPs settings, i.t.o. MX, A records.
    The point is if I do a DIG MX I get the correct MX & A (So on CentOS side all seems fine), but Zimbra seem to want to use the domain's A record instead of the MX record's IP.
    "Use DNS" tick is on under "Global Settings" and "Server settings".
    I did upgrade from 7.1.3 to 7.2.0 but after some issues started.

  4. #4
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Quote Originally Posted by ekkas View Post
    No I did not change IPs or anything, just changed /etc/resolv.conf to either use local BIND or ISP DNS.
    That is incorrect, if you're behind a NAT router you should only use the DNS server on your LAN.

    Quote Originally Posted by ekkas View Post
    Local BIND is setup to mirror the ISPs settings, i.t.o. MX, A records
    This is also incorrect. I'd suggest you change the resolv.conf as I've mentioned above then go to the Split DNS article in the wiki and provide the output from all the commands in the 'Verify...' section of the article.
    Last edited by phoenix; 07-10-2012 at 11:16 AM.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #5
    Join Date
    Feb 2010
    Location
    South Africa
    Posts
    107
    Rep Power
    5

    Default

    Quote Originally Posted by phoenix View Post
    That is incorrect, as you're behind a NAT router you should only use the DNS server on your LAN.

    This is also incorrect. I'd suggest you change the resolv.conf as I've mentioned above then go to the Split DNS article in the wiki and provide the output from all the commands in the 'Verify...' section of the article.
    Thank you for your effort, but I'm afraid you misunderstood my problem.
    The server have a static, public IP, not NAT or other routers. I've setup split-DNS for the sole purpose that when the Internet is down, at last the server knows about it's own MX record and internal users can send to each other.
    So in essense my split-DNS give the same results (MX & A) as what the public ISP DNS would give, just as an local copy on the server itself.
    I did run the 'Verify' sections ad infinitum
    My problem was that the OS (CentOS) DNS was working fine, but Zimbra tried to use the A record for that domain, instead of the MX record, which is what is supposed to happen if the 'Use DNS' option is unticked.
    I was puzzled because it was ticked and still this happened. Seems it needed to be requeued/rebooted.
    Time wounds all heals- John Lennon

  6. #6
    Join Date
    Feb 2010
    Location
    South Africa
    Posts
    107
    Rep Power
    5

    Default

    Seems I'm still experiencing some Zimbra DNS issues:

    Code:
    Jul 10 20:17:16 mail postfix/smtp[18853]: 3E72A2168127: to=<mbcvvans@daimler.com>, relay=none, delay=7973, delays=6313/1640/20/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=daimler.com type=MX: Host not found, try again)
    But seconds after"

    Code:
    [root@mail ~]# dig daimler.com mx
    
    ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5 <<>> daimler.com mx
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22581
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; QUESTION SECTION:
    ;daimler.com.                   IN      MX
    
    ;; ANSWER SECTION:
    daimler.com.            2535    IN      MX      0 mail-in.daimler.com.
    
    ;; ADDITIONAL SECTION:
    mail-in.daimler.com.    2535    IN      A       141.113.103.103
    
    ;; Query time: 1767 msec
    ;; SERVER: 168.210.2.2#53(168.210.2.2)
    ;; WHEN: Tue Jul 10 20:17:44 2012
    ;; MSG SIZE  rcvd: 69
    Code:
    [root@mail ~]# telnet 141.113.103.103 25
    Trying 141.113.103.103...
    Connected to mail-in.daimler.com (141.113.103.103).
    Escape character is '^]'.
    220 mail-in.daimler.com ESMTP Postfix

  7. #7
    Join Date
    Feb 2010
    Location
    South Africa
    Posts
    107
    Rep Power
    5

    Default

    It seems that after another reboot and some more deferred queue 'requeues', the mails are starting to be forwarded to proper MX instead of the A.
    It appears that postfix (zimbra/amavis?) remembers the IP it originally wanted to send it on, and a requeue let it re-lookup the MX again, or so it seems to me anyways.

    Mails are finally going out now.

Similar Threads

  1. Mx record
    By koststok in forum Administrators
    Replies: 11
    Last Post: 08-02-2011, 07:26 AM
  2. SPF record
    By maceee in forum Administrators
    Replies: 3
    Last Post: 07-07-2010, 03:33 AM
  3. Replies: 11
    Last Post: 05-12-2009, 07:26 AM
  4. Replies: 1
    Last Post: 12-16-2007, 08:15 PM
  5. PTR record
    By rpvaughnjr in forum Administrators
    Replies: 4
    Last Post: 04-06-2006, 08:04 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •